Trust
Security
Tunneler holds the keys to your accounts, so security is the product, not a feature. Here's how we protect your sessions and data.
Data protection
- Sessions encrypted at rest. Captured session cookies are encrypted with AES-256-GCM before they're stored. We reference your session; we don't keep a plaintext copy in application data.
- Tenant isolation. Every record is scoped to your workspace and enforced at the database layer with Postgres row-level security, not just application checks.
- Encryption in transit. All traffic is protected with TLS.
- Least privilege. Services run with the minimum access they need; the relay streams a browser to you without exposing raw credentials to the client.
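
One way to implement the at-rest encryption of session cookies described above, as an added example that is not Tunneler's code: AES-256-GCM through Node's built-in `crypto` module, with the workspace and session IDs bound in as associated data so that a ciphertext copied onto another tenant's record fails to decrypt. The function names, the blob layout and the associated-data binding are assumptions for illustration.

```javascript
// Added example, not Tunneler's code. sealCookie, openCookie and the IDs are hypothetical.
const crypto = require('node:crypto');

const VERSION = 1;    // format byte, so key or algorithm can be rotated later
const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // full 128-bit authentication tag

// Assumption: associated data ties a blob to one workspace and one session record.
function aad(workspaceId, sessionId) {
  return Buffer.from(JSON.stringify([VERSION, workspaceId, sessionId]), 'utf8');
}

// Returns version || nonce || tag || ciphertext as one Buffer for storage.
function sealCookie(key, workspaceId, sessionId, cookieValue) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per call; never reuse under one key
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(aad(workspaceId, sessionId));
  const ct = Buffer.concat([c.update(cookieValue, 'utf8'), c.final()]);
  return Buffer.concat([Buffer.from([VERSION]), nonce, c.getAuthTag(), ct]);
}

// Returns the plaintext cookie, or null if the blob is malformed, modified,
// or presented under a different workspace/session than it was sealed for.
function openCookie(key, workspaceId, sessionId, blob) {
  const head = 1 + NONCE_LEN + TAG_LEN;
  if (!Buffer.isBuffer(blob) || blob.length < head || blob[0] !== VERSION) return null;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(1, 1 + NONCE_LEN),
      { authTagLength: TAG_LEN });
    d.setAAD(aad(workspaceId, sessionId));
    d.setAuthTag(blob.subarray(1 + NONCE_LEN, head));
    return Buffer.concat([d.update(blob.subarray(head)), d.final()]).toString('utf8');
  } catch {
    return null; // tag check failed: release no plaintext
  }
}

// Constructed sample values, for demonstration only.
function demo() {
  const key = crypto.randomBytes(32); // in practice, fetched from a KMS or secret store
  const blob = sealCookie(key, 'ws-a', 'sess-1', 'sid=constructed-example');
  const flipped = Buffer.from(blob);
  flipped[flipped.length - 1] ^= 1;   // single-bit change in the ciphertext
  return {
    ok: openCookie(key, 'ws-a', 'sess-1', blob),
    otherTenant: openCookie(key, 'ws-b', 'sess-1', blob),
    tampered: openCookie(key, 'ws-a', 'sess-1', flipped),
  };
}
```
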
Safety by design
- Off by default. External sends require an explicit arm switch. Nothing leaves your workspace until you turn it on.
- Guardrails before action. Every external action is evaluated before generation and again before execution; risky actions require human approval.
- Append-only audit. Every action and verdict is recorded immutably, so you always know what happened and why.
- Human-driven login. You log into your own accounts in a real browser. There is no stored master password and no automated-login fingerprint.
Infrastructure
Authentication and the primary database run on Supabase (managed Postgres). The API and browser workers run as isolated containers. Payments are handled by Stripe; we never see full card details.
Responsible disclosure
If you believe you've found a security vulnerability, please email security@tunneler.ai with details and steps to reproduce. We'll acknowledge your report, investigate, and keep you updated. Please give us a reasonable window to remediate before public disclosure, and avoid accessing or modifying data that isn't yours.
On the roadmap
SSO, granular roles, audit-log export, and a formal compliance program (SOC 2) are planned as we mature.